05 February 2021

Relationships and Appropriation

'A Relational Turn for Data Protection?' by Neil M Richards and Woodrow Hartzog in (2020) 4 European Data Protection Law Review 1 comments 

While most approaches to privacy and data protection focus on the data, we explore an alternative approach: focusing on relationships. it looks at how the people who expose themselves and the people that are inviting that disclosure relate to each other. It is concerned with what powerful parties owe to vulnerable parties not just with their personal information, but with the things they see, the things they can click, the decisions that are made about them. It’s less about the nature of data and more about the nature of power. And it can make data protection work better. We call this the relational turn in privacy law. 

The relational approach has deep roots in American and English law, and a growing group of scholars in North America are starting to appreciate the virtues of such an approach, whether framed in terms of privacy as trust or information fiduciaries. The clear advantage of a relational approach is that it is acutely sensitive to the power disparities within information relationships, such as those between humans and platforms. Relational models of this sort protect against self-dealing and duties of care protect against dangerous behavior. Data protection regimes like the American ‘notice and choice’ model or the more robust GDPR, by contrast, target, imbalances of power within relationships more indirectly by looking to the nature of the data. 

We think a relational turn for data protection would be superior to the current model. A relational turn would provide a path towards more substantive rules that would limit how peoples’ data could be used against them. It would focus on the real problem that privacy and data protection law should tackle – the power consequences of information relationships, making legitimacy of processing a question of fundamental fairness rather than data hygiene. Substantive data rules would demand more than that data serve a ‘legitimate interest’ of the data processor. They would focus on the power consequences of processing on the data subject, whether we apply some version of the classic fiduciary duties of care, confidentiality, and loyalty, or the trust-promoting duties of honesty, protection, discretion, and loyalty that we have called for in other work. Perhaps equally important, relational duties allow for a decoupling of choice and consent. People would be protected no matter what they choose. It’s time for data protection’s relational turn.

'Misappropriation of Personality: A Case for Common Law Identity Protection' by Nikki Chamberlain in (2021) 26(3) Torts Law Journal comments 

There is a gap in the law in Australia and New Zealand. Australia, while ahead in many jurisprudential fields, is lagging behind in privacy law protection. New Zealand, although adopting two common law privacy torts, recently refused to develop a third privacy tort based on the American privacy tort of misappropriation of personality. In light of global technological advances, and in the age of social media, there is a need to develop the tort of misappropriation of personality to protect an individual’s right to identity privacy. This article addresses the merits of adopting the privacy tort of misappropriation of personality in the context of other common law actions and their shortfalls – and, in particular, why the tort of passing off is inadequate at protecting an individual’s right to identity privacy.